DETAILED ACTION

I. Claims 12-16 have been added. 

II. Claims 1-16 have been examined. 

III. Responses to Applicant's remarks have been given. 

Response to Arguments 

1. The 35 U.S.C. 112, second paragraph, rejection of claims 2, 4, 7, 8 and 10 is 
hereby withdrawn due to Applicant's amendments. However, said rejection is 
maintained for claim 11 due to the language "some of said tables are possibly reserved
for licit references" still remaining within claim 11.

2. Applicant's arguments filed 06/09/10 have been fully considered but they are not
persuasive. With regards to the Applicant's claim language of storing "an entire set of 
references...", they are rendered moot in view of the new grounds of rejection set forth 
below. 

Claim Objections 

3. Claim 7 is objected to because of the following informalities: improper status 
identifier. Claim 7 has amendments made to its claim language; however, the status 
identifier is "Previously Presented". Appropriate correction is required. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly
claiming the subject matter which the applicant regards as his invention.

4. Claim 11 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite
for failing to particularly point out and distinctly claim the subject matter which applicant
regards as the invention.

5. The term "possibly" in claim 11 is a relative term which renders the claims
indefinite. The term "possibly" is not defined by the claim, the specification does not
provide a standard for ascertaining the requisite degree, and one of ordinary skill in the
art would not be reasonably apprised of the scope of the invention.

Claim Rejections - 35 USC § 102 

(b) the invention was patented or described in a printed publication in this or a foreign country or in
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States. 

Claims 1-4 and 9-14 are rejected under 35 U.S.C. 102(b) as being anticipated by 
United States Patent No. 6,658,573 to Bischof et al., hereinafter Bischof. 

6. On page 4 of the Applicant's Specification, with regards to the terms "licit" and 
"illicit", it is stated that "the actual definition of what is a licit or illicit reference depends 
on the system, on the programming language and possibly on the context". Thus the 
claim language is open to a broad interpretation and is disclosed via the citations of the 
prior art below. 

7. Regarding claim 1, Bischof teaches a method for controlling access to data
handled by references in a system for executing programs, said programs including
processes and tasks, wherein upon executing a program, the method comprises the
following steps:

having the system store an entire set of references which the program obtains by
means considered as licit, said program comprising code from a single Java Card
package (column 6, lines 13-24 and 44-62, column 9, lines 39-54, "Java library", column
12, lines 52-63 and column 13, lines 41-54).

before any operation intended to be forbidden in case said operation deals with values 
which are not licit references, having the system check that said values are among the 
licit references which have been stored for this program, and accepting the operation
responsive to said step of checking, when said checking determines said values are 
among the licit references, and rejecting the operation responsive to said step of 
checking, when said checking determines said values are not among the licit references 
(column 7, lines 36-67, "reject the invocation", "assign and/or check rights to the caller 
entity"). 

8. Regarding claim 2, Bischof teaches wherein the references are pointers (column
13, lines 6-25 and 41-54 and column 14, lines 46-59).

9. Regarding claim 3, Montgomery teaches wherein the licit means for a program in 
order to obtain reference values comprise at least one of the following operations: 
reading a variable or a datum belonging to the system or to another program, writing 
into a variable or datum of said program by the system or by another program, receiving 
arguments upon calling a routine of said program by the system or by another program, 
utilization of the return value from the call by said program of a routine belonging to the 
system or to another program, having said program catch up a raised exception during 
execution of a routine belonging to the system or to another program, receiving by said 
program an interruption or a valuated signal (column 5, lines 61-67, column 6, lines 1-3 
and 25-31 and column 7, lines 3-15). 

10. Regarding claim 4, Bischof teaches wherein the system comprises a mechanism
which determines whether a given value is a valid reference (column 7, lines 30-57, "If
the guard object indicates no error, execution continues as usual").

11. Regarding claim 9, Bischof teaches wherein the whole of the licit stored
references is represented by a table (column 13, lines 6-25). 

12. Regarding claim 10, Bischof teaches wherein the set of the licit stored references 
is emptied, by means of a conservative garbage collector, of references which have 
become inactive (column 15, lines 4-11 and column 16, lines 1-9, "the garbage 
collection is responsible for removing obsolete objects and freeing up the memory").

13. Regarding claim 11, Bischof teaches wherein: the references are represented in
the system by handles and tables of pointers, some of said tables are possibly reserved
for licit references, the sets of licit stored references are represented by vectors of bits
associated with some of the tables of pointers, where a bit has a given index which
represents the presence or the absence of the corresponding reference in said sets,
said vectors of bits are represented by means of a sequence of indexes or lengths 
corresponding to the extents of bits positioned in the same way (column 13, lines 6-25 
and 41-54 and column 14, lines 46-59). 

14. (New) Regarding claim 12, Bischof teaches wherein the references are handles 
(column 14, lines 38-59, "a pointer to the appropriate guard dispatch table is assigned to
the executing thread"). 

[According to page 3 of the Applicant's Specification, "A handle is an index 
in a table of pointers (and more generally in a table of references). The 
values of pointers and handles also sometimes include specific bits which
give information on the datum (for example on the referenced memory
area or on the information therein) or, in the case of handles, on the
associated table." Thus, the claimed "handles" are interpreted by the
Examiner to pertain to Bischof's disclosure of a "guard dispatch table" and
the associations related therein.] 

15. (New) Regarding claim 13, Bischof teaches wherein the stored licit references 
are limited to the sole references on data considered as sensitive for the system 
(column 6, lines 13-24 and 44-62, column 9, lines 55-67). 

16. (New) Regarding claim 14, Bischof teaches wherein said checks check that the 
values are among the sensitive licit references which were stored for this program or 
else which are references determined as valid and dealing with data which are not 
sensitive (column 7, lines 36-67, "reject the invocation", "assign and/or check rights to 
the caller entity" and "perform a notification and/or auditing service"). 

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1. Determining the scope and contents of the prior art.

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

17. Claims 5 and 6 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bischof and further in view of United States Patent No. 7,127,605 to Montgomery et al.,
hereinafter Montgomery.

18. Bischof teaches the claimed invention, as cited within independent claim 1.
However, Bischof does not teach the claim features of dependent claims 5 and 6 
pertaining to the functionality of the firewall. Montgomery teaches said features, as 
cited below. 

19. Regarding claim 5, Montgomery teaches wherein the system comprises a firewall 
which forbids certain operations by certain programs on certain referenced data, data 
considered as being sensitive for the system being those for which the operations are 
not forbidden by the firewall (column 3, lines 43-62, "the SIO 206 still cannot access 216 
methods in the client applet 100; such access is still prevented by the firewall 106" and 
column 4, lines 21-66, "server applet 102 is still prohibited from accessing 310 the client 
applet 100 due to firewall 106").

20. Regarding claim 6, Montgomery teaches wherein the firewall forbids certain 
operations by a program on data belonging to other programs, except on those declared 
as shareable (column 3, lines 43-62, "the SIO 206 still cannot access 216 methods in 
the client applet 100; such access is still prevented by the firewall 106" and column 4, 
lines 21-66, "server applet 102 is still prohibited from accessing 310 the client applet
100 due to firewall 106"). 

21. The motivation to combine would be to have "the applications being able to share
methods in a secure manner using delegates to enforce the security policy that each
application wishes to impose with regard to each method shared" (Montgomery -
column 2, lines 47-54). 

22. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of Montgomery with the 
teachings of Bischof so that "the client applet 100 and the server applet 102 may freely 
communicate with the JCRE 108, but the client applet 100 is prevented from referencing 
110 the server applet 102 by the firewall 106 to ensure security" (Montgomery - column
3, lines 38-42). 

23. Claims 7, 8 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Bischof and Montgomery, and further in view of United States Patent No. 
7,140,549 to de Jong, hereinafter de Jong. 

24. Though Bischof teaches the claimed invention as cited within independent claim 
1, it does not teach the claimed features within claims 7 and 8 pertaining to
"Javacard.framework.Shareable". Montgomery and de Jong teach said features, as 
cited below. 

25. Regarding claim 7, Montgomery teaches wherein the system is based on a Java 
Card virtual machine and wherein: 
the data declared as shareable and therefore sensitive, are objects which are instances
of classes which implement the "Javacard.framework.Shareable" interface (Figures 1-2d,
3a and 3b, column 3, lines 31-60 and column 6, lines 32-62,
"JCSystem.getAppletSharableInterfaceObject").

26. Further, for claim 7, Montgomery teaches some of the claimed features, as cited 
above but does not teach the features pertaining to "a program consists of the whole of 
the code which is found in a 'Java Card package'; the firewall is that of the Java Card 
Runtime Environment (JCRE)". Thus, de Jong is cited to teach these claimed features. 

27. Regarding claim 7, de Jong teaches a program consists of the whole of the code 
which is found in a "Java Card package"; the firewall is that of the Java Card Runtime 
Environment (JCRE) (Figure 3 and column 8, lines 21-31 and 38-49). 

28. The motivation to combine would be "for having two or more applets within a
single firewall is where one applet manages the code and classes of the other
applications(s) that are within the same firewall" (de Jong - column 8, lines 26-29).

29. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of de Jong with the teachings 
of Montgomery and Bischof due to "it is clearly important to determine the correct 
firewall for the applet, so that the applet is installed into the proper location" (de Jong -
column 8, lines 46-49). 

30. Regarding claim 8, Montgomery teaches wherein the system stores in sets of 
sensitive licit references associated with a package all the references which appear in 
the following cases: receiving arguments of "Javacard.framework.Shareable" type when 
a method of said package is called by another package or by the system,
"Javacard.framework.Shareable" type return value when said package calls a method
from another package or from the system (including the a
"getAppletShareableInterfaceObject" method of "Javacard.framework.JCSystem
package"), reading a public static field of "Javacard.framework.Shareable" type in
another package or in the system, catching up an instance object of a class from
(inheriting from) "java.lang.Throwable" and implementing
"Javacard.framework.Shareable" (Figures 1-2d, 3a and 3b, column 3, lines 31-60 and
column 6, lines 32-62, "JCSystem.getAppletSharableInterfaceObject").

31. The motivation to combine would be to have a repository containing the means
for accessing the desired software application/program. 

32. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of Montgomery with Bischof 
so that "instead of granting a client application access to an interface of the server 
application, the client is given access to a delegate object. The delegate object controls 
access to the shared methods of the server application by enforcing a security policy, 
using security mechanisms" (Montgomery - column 4, lines 7-11).

33. Bischof teaches the claimed invention, as cited within independent claim 1 but 
does not teach the claimed features within dependent claim 15 pertaining to the types of 
objects within the system. Montgomery teaches said features, as cited below. 

34. (New) Regarding claim 15, Montgomery teaches wherein the data declared as 
shareable and therefore sensitive, are objects with public use of the system: global 
arrays and Entry Point Objects of JCRE (column 3, lines 43-60, "the server applet 102
responds by returning 208 to the JCRE 108 a reference to a shareable interface object 
(SIO) 206 if access is granted to the client, or null if access is not granted"). 

35. The motivation to combine would be to have "the applications being able to share 
methods in a secure manner using delegates to enforce the security policy that each 
application wishes to impose with regard to each method shared" {Montgomery - 
column 2, lines 47-54). 

36. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of Montgomery with the 
teachings of Bischof so that "the client applet 100 and the server applet 102 may freely
communicate with the JCRE 108, but the client applet 100 is prevented from referencing
110 the server applet 102 by the firewall 106 to ensure security" (Montgomery - column
3, lines 38-42). 

37. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over Bischof 
as applied to claim 11 above, and further in view of United States Patent No. 7,140,549
to de Jong, hereinafter de Jong. 

38. With regards to claim 16, though Bischof teaches the claimed invention, as cited 
above, Bischof does not teach the claim language found within claim 16 pertaining to 
"said vectors of bits are hollow". de Jong teaches said claim language, as cited below.

39. (New) Regarding claim 16, de Jong teaches wherein said vectors of bits are
hollow (column 17, lines 26-34, "the appropriate number of null bytes").

40. The motivation to combine would be that in the event that "most of the bytes in
the AID parameter passed from the terminal to the card are zero, they can be truncated 
to fit the parameter into the AID byte array" (de Jong - column 17, lines 40-43).

41. Therefore, it would have been obvious to one of ordinary skill in the art at the
time the invention was made to incorporate the teachings of de Jong with the teachings
of Bischof in order that objects "are only instantiated if particularly required, thereby
saving storage on the card" (de Jong - column 11, lines 26-29).

Conclusion 

42. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

43. The following United States Patents and Patent Application Publications are 
further cited to show the state of the art with respect to data access, such as: 

United States Patent Application Publication No. US 2003/0120593 to Bansal et
al., which is cited to show a method and system for delivering multiple services 
electronically to customers via a centralized portal. 

United States Patent Application Publication No. US 2005/0044197 to Lai, which 
is cited to show a structured methodology and design patterns for web services.

United States Patent No. 6,633,984 to Susser et al., which is cited to show
techniques for permitting access across a context barrier on a small footprint 
device using an entry point object. 

United States Patent No. 6,151,688 to Wipfel et al., which is cited to show 
resource management in a clustered computer system. 

United States Patent No. 7,117,284 to Watt et al., which is cited to show vectored
interrupt control within a system having a secure domain and a non-secure
domain.

United States Patent No. 7,149,862 to Tune et al., which is cited to show access
control in a data processing apparatus.

United States Patent No. 7,171,539 to Mansell et al., which is cited to show an
apparatus and method for controlling access to a memory.

United States Patent No. 7,305,534 to Watt et al., which is cited to show control
of access to a memory by a device.

United States Patent No. 7,305,712 to Watt et al., which is cited to show security 
mode switching via an exception vector. 

United States Patent No. 6,560,774 to Gordon et al., which is cited to show a 
verifier to check intermediate language. 

44. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JEREMIAH AVERY whose telephone number is 
(571)272-8627. The examiner can normally be reached on Monday thru Friday 8:30am- 
5pm. 

45. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Korzuch can be reached on (571) 272-7589. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

46. Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Jeremiah Avery/ 
Examiner, Art Unit 2431 
/Syed Zia/ 

Primary Examiner, Art Unit 2431 



